Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 19 July 2004. 
2a) [X] This action is FINAL. 2b) [ ] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-36 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1-36 is/are rejected. 

7) [ ] Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [X] The drawing(s) filed on 16 June 2000 is/are: a) [X] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
application from the International Bureau (PCT Rule 17.2(a)). 

DETAILED ACTION 

1. Claims 1-36 are pending in the application. 

2. Claims 1-36 stand being rejected. 

Response to Arguments 

3. Applicant's arguments filed 5/17/04 have been fully considered but they are not persuasive. 

On page 18, the applicant argues that Toh is not deemed to be functioning routers that 
have become compromised, and are not excised from the network or disregarded. The applicant 
argues that they are merely deemed to be less than ideal for routing. 

The examiner respectfully disagrees. Toh teaches removing routers that have been 
compromised. 

On page 18, the applicant argues that Haas is not looking to determine that functioning 
nodes have become compromised, or to excise or disregard such nodes. 

The examiner respectfully disagrees. Haas teaches that compromised nodes are deleted. 

On page 19, the applicant argues that Li does not excise or disregard the inoperative 
router, but rather puts an operative one in its place. 

The examiner respectfully disagrees. Li teaches that data is rerouted. Therefore, data is 
cut off from the compromised node. 

On page 19, the applicant argues that Raz does not even relate to an ad-hoc wireless 
network and does not teach or suggest techniques for handling functioning of compromised 
routers. 

The examiner respectfully disagrees. Raz teaches that wireless devices may be used in 
the network and deletion of compromised routers. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

4. Claims 1, 2, 6-8, 10-12 and 15 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Toh U.S. Patent No. 5,987,011. 

As to claims 1 and 24, Toh discloses an electronic memory circuit having network 
information stored therein [column 6, lines 22-47]. Toh discloses an electronic processor circuit 
that evaluates an excising signal received from the network control computer [column 6, lines 
22-47]. Toh discloses that the excising signal contains information regarding a first router of the 
plurality of routers to be excised from the network [column 8, lines 23-48]. Toh discloses 
determining an authenticity of the excising signal [column 8, lines 23-48]. Toh discloses 
excising the first router when the excising signal is authenticated [column 9 line 14 to column 10 
line 7]. Toh discloses rerouting the excising signal to at least a second router of the plurality of 
routers when the excising signal is authenticated [column 9 line 14 to column 10 line 7]. 

As to claim 2, Toh discloses that the electronic processor circuit excises the first router by 
adding the first router to information regarding routers stored in the electronic memory circuit 
[column 7, lines 42-67]. Toh discloses removing from the electronic memory circuit routing 
updates corresponding to the first router [column 7, lines 42-67]. Toh discloses removing the 
first router from a neighbor table stored in the electronic memory circuit when the first router is 
listed therein [column 7, lines 42-67]. Toh discloses recomputing a forwarding table to direct 
future routing [column 7, lines 42-67]. 

As to claim 6, Toh discloses that the electronic processor reinstates the first station when 
the communications router receives and verifies a reinstate message from the network control 
computer [column 8, lines 36-41]. 

As to claim 7, Toh discloses evaluating an excising signal received from the network control 
computer [column 19 line 17 to column 20 line 23]. Toh discloses that the excising signal 
contains information regarding a second router of the plurality of routers to be excised from the 
network [column 19 line 17 to column 20 line 23]. Toh discloses determining an authenticity of 
the excising signal [column 19 line 17 to column 20 line 23]. Toh discloses excising the second 
router when the excising signal is authentic. Toh discloses rerouting the excising signal to at 
least a third router of the plurality of routers [column 19 line 17 to column 20 line 23]. 

As to claim 8, Toh discloses adding the second router to information regarding routers 
stored in a memory [column 7, lines 42-67]. Toh discloses removing from the communications 
router routing updates corresponding to the second router [column 7, lines 42-67]. Toh discloses 
removing the second router from a neighbor table of the communications router when the second 
router is listed therein. Toh discloses recomputing a forwarding table [column 7, lines 42-67]. 

As to claims 10 and 11, Toh discloses evaluating a signal received through the 
transceiver from another network router [column 15, lines 39-57]. Toh discloses identifying 
which network router a signal has just been received from [column 15, lines 39-57]. Toh 
discloses determining if the network router is identified by the information regarding excised 
routers [column 16, lines 1-15]. Toh discloses discarding the signal when the router is listed. 
Toh discloses processing the signal when the router is not listed [column 16, lines 1-15]. Toh 
discloses processing the signal when the router is listed [column 16, lines 1-15]. Toh discloses 
recomputing the forwarding table [column 16, lines 1-15]. 

As to claim 12, Toh discloses removing the second router from information regarding 
non-compromised routers stored in a memory [column 7, lines 51-64]. Toh discloses removing 
from the communications router routing updates corresponding to the second router [column 11, 
lines 46-65]. Toh discloses removing the second router from a neighbor table of the 
communications router when the second router is listed therein [column 11, lines 46-65]. 

As to claim 15, Toh discloses the step of reinstating the second station when the 
communications router receives and verifies a reinstate message from the network control 
computer [column 12, lines 18-34]. 

5. Claim 16 is rejected under 35 U.S.C. 102(e) as being anticipated by Haas U.S. Patent No. 
6,304,556 B1. 

As to claim 16, Haas discloses a memory having network information stored thereon 
[column 7, lines 36-56]. Haas discloses a processor that operates the mobile station as a cluster 
head or cluster member station [column 8, lines 37-65]. Haas discloses that the processor 
evaluates an excising signal received from the network control computer, the excising signal 
containing information regarding a first cluster head or cluster member station to be excised from 
the network; (iii) verifies the authenticity of the excising signal; (iv) excises the first cluster head 
or cluster member station when the excising signal is authentic; and (v) distributes the excising 
signal to at least a second cluster head or cluster member station [column 9, lines 32-63]. 

6. Claims 25 and 26 are rejected under 35 U.S.C. 102(b) as being anticipated by Li et al U.S. 
Patent No. 5,473,599. 

As to claims 25 and 26, Li et al discloses authenticating in the first router a signal 
received from the control computer, the signal identifying at least one router to be cut-off from 
communicating with the network [column 6 line 58 to column 7 line 15]. Li et al discloses 
preventing the first router from communicating with the at least one cut-off router when the 
signal is authenticated [column 7, lines 16-29]. Li et al discloses redistributing the cut-off signal 
to each of the plurality of routers, except for the at least one cut-off router, and preventing each 
of the remaining routers from communicating with the at least one cut-off router. Li et al 
discloses that when a router receives a message from one of the plurality of routers, the router 
determines if the message is from the at least one cut-off router, and processes the message only 
when the message is not from the at least one cut-off router [column 8, lines 8-56]. 

7. Claims 27-35 are rejected under 35 U.S.C. 102(e) as being anticipated by Miriyala U.S. 
Patent No. 6,618,377 B1. 

As to claim 27, Miriyala discloses excising a compromised router from the network. 
Miriyala discloses determining whether messages transmitted between the plurality of routers are 
from the compromised router [column 6, lines 36-53]. 

As to claim 28, Miriyala discloses the step of reinstating the compromised router when it 
becomes non-compromised [column 7 line 63 to column 8 line 3]. 

As to claim 29, Miriyala discloses that the plurality of routers are prevented from 
communicating with the compromised router [column 12, lines 20-32]. 

As to claims 30 and 31, Miriyala discloses that the determining step comprises consulting 
a data structure representing excised routers to determine if the router is noncompromised 
[column 12, lines 34-55]. 

As to claim 32, Miriyala discloses code to excise a compromised router from the network 
[column 12, lines 20-32]. Miriyala discloses code to verify that messages transmitted among the 
plurality of routers are from non-compromised routers [column 12, lines 20-32]. Miriyala 
discloses code to reinstate the compromised router when it becomes non-compromised [column 
12, lines 20-32]. 

As to claims 33 and 34, Miriyala discloses receiving a message from one of the plurality 
of routers in the network [column 13, lines 9-30]. Miriyala discloses determining a router 
identifier for the router that just transmitted the message [column 13, lines 9-30]. Miriyala 
discloses determining whether the information regarding compromised routers in the network 
includes the router identifier [column 13, lines 9-30]. Miriyala discloses disregarding the 
message when the router is listed in the information regarding compromised routers. Miriyala 
discloses disregarding the message when the router is not listed in the information regarding 
non-compromised routers [column 13, lines 41-56]. 

As to claim 35, Miriyala discloses determining a compromised router of the plurality of 
routers in the network, as discussed above. Miriyala discloses excising the compromised router 
from the network, as discussed above. Miriyala discloses preventing the plurality of routers from 
communicating with the compromised router, as discussed above. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 3, 4, 9 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Toh U.S. Patent No. 5,987,011 as applied to claim 1 above, and further in view of Raz et al 
U.S. Patent No. 6,529,515 B1. 

As to claims 3, 9 and 13, Toh does not teach that the electronic processor circuit further 
causes a message to be transmitted to the network control computer and to disregard the excising 
signal each when the excising signal is not authentic. 

Raz et al teaches a message to be transmitted to the network control computer and to 
disregard the excising signal each when the excising signal is not authentic [column 8, lines 9-27]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Toh so that a message would have been 
transmitted to the network control computer and to disregard the excising signal each when the 
excising signal is not authentic. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Toh by the teaching of Raz et al because it provides 
efficient use of network resources, without increasing the complexity of application 
development. Advantageously, it enables the safe execution and rapid deployment of new 
distributed management applications in a network layer. This active network approach can be 
gradually integrated into, e.g., an otherwise conventional IP network, and allows smooth 
migration from conventional IP to programmable networks [column 3, lines 5-15]. 

As to claim 4, Toh as modified teaches that the electronic processor circuit further 
evaluates a signal received through the transceiver from another network router. Toh as 
modified teaches identifying which network router the signal has been received from [column 
15, lines 18-37]. Toh as modified teaches determining if the network router is listed with the 
information regarding excised routers. Toh as modified teaches discarding the signal when the 
router is listed. Toh as modified teaches processing the signal when the router is not listed 
[column 15, lines 39-57]. 

9. Claims 5 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Toh 
U.S. Patent No. 5,987,011 as applied to claim 1 above, and further in view of Applied 
Cryptography (hereinafter Schneier). 

As to claims 5 and 14, Toh does not teach that the electronic processor circuit determines 
the authenticity of the excising signal using a public encryption key. 

Schneier teaches the use and benefits of public key encryption [pages 461-462]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Toh so that the electronic processor circuit would 
have determined the authenticity of the excising signal using a public encryption key. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Toh by the teaching of Raz et al because public-key is 
designed to resist chosen-plaintext attacks, their security is based both on the difficulty of 
deducing the secret key from the public key and the difficulty of deducing the plaintext from the 
cipher text [page 462]. 

10. Claims 17-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over Li et al 
U.S. Patent No. 5,473,599 in view of Chaum U.S. Patent No. 4,947,430. 

As to claims 17, 19 and 22, Li et al discloses formulating in the control computer an 
excise signal indicating at least a second router to be excised from the network [column 5, lines 
26-39]. Li et al discloses adding the information identifying the second router to information 
regarding excised routers stored in memory of the first router, as discussed above. Li et al 
discloses removing from the first router routing updates corresponding to the second router. Li 
et al discloses removing information corresponding to the second router from a neighbor table of 
the first router when the second router is listed therein [column 6, lines 40-57]. Li et al discloses 
recomputing a forwarding table in the first router. Li et al discloses redistributing the excise 
signal to each of the plurality of routers, except for the second router [column 10, lines 12-45]. 
Li et al discloses determining, in each of the plurality of routers when receiving a message from 
another one of the plurality of routers. Li et al discloses an identifier for the router from which 
the message is received and processing the message only when the information regarding excised 
routers does not include the identifier authentic [column 13, lines 31-61]. 

Li et al does not teach providing a digital signature of the control computer on the excise 
signal and transmitting the excise signal to the first router. Li et al does not teach verifying the 
signature on the excise signal in the first router. Li et al does not teach that the digital signature 
is validated using a public encryption key. 

Chaum teaches providing a digital signature of the control computer on the excise signal 
and transmitting the excise signal to the first router. Chaum teaches verifying the signature on 
the excise signal in the first router [column 3, lines 29-42]. Chaum teaches that the digital 
signature is validated using a public encryption key [column 8, lines 27-46]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Li et al so that a digital signature would have been 
provided for the control computer. The digital signature would have been verified on the excise 
signal in the first router. The digital signature would have been validated using a public key. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Li et al by the teaching of Chaum because it requires 
consent every time the signature is verified and provides a binding signature that cannot be 
forged to authenticate a user [column 2, lines 36-46]. 

As to claims 18 and 23, Li et al teaches the steps of transmitting a message to the control 
computer from the first router and causing the first router to disregard the excise signal each 
when the excise signal is not authentic [column 14, lines 28-56]. 

As to claim 20, Li et al teaches the step of reinstating the excised second router, as 
discussed above. 

As to claim 21, Li et al teaches that a router disregards the message when the information 
regarding excised routers includes the identifier, as discussed above. 

11. Claim 36 is rejected under 35 U.S.C. 103(a) as being unpatentable over Miriyala U.S. 
Patent No. 6,618,377 B1 as applied to claim 35 above, and further in view of Nessett et al 
U.S. Patent No. 5,968,176. 

As to claim 36, Miriyala does not teach that the determining step comprises determining a 
compromised router through embedded firewall functionality provided in each of the plurality of 
routers. 

Nessett et al teaches routers with firewall functionality provided in each of the plurality 
of routers [column 7, lines 48-55]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Miriyala so that a compromised router would 
have been determined through its embedded firewall functionality provided in each of the 
plurality of routers. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Miriyala by the teaching of Nessett et al because security 
functions placed in network interface cards, in switches, in routers, and in remote access systems, 
and provides a system administrator the opportunity to move firewall functionality out to the 
variety of devices in the networks to create a pervasive, multilayer firewall. Security features can 
be distributed in multiple layers to multiple devices, and managed using a coherent security 
policy management interface that provides a security administrator convenient and clear control 
over the security properties of the network. The distributed functionality, and convenient and 
clear control allow scaling advantages for firewalls that now exist only for systems such as 
distributed remote monitoring dRMON, or other sophisticated network systems that are directed 
to single purpose functions [column 6, lines 12-26]. 

Conclusion 

12. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 703-305-1373. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Aravind K Moorthy 
September 1, 2004 
SUPERVISORY PATENT EXAMINER 